-
# Lord of SQLInjection - SUCCUBUS - Study Blog
SUCCUBUS problem
[https://kgginam.github.io/sqli/los-succubus/](https://kgginam.github.io/sqli/los-succubus/)
-
After getting the scan results we need to validate them manually using sqlmap. Is there an automatic way?
-
When running sqli dumper error
[06/25/2024 12:32:44]System.TypeInitializationException: The initializer for type 'Globals' threw an exception. ---> System.IO.FileNotFoundException: Could not load fi…
-
E.g., the input data is
"abc d 1 a g j ( adfd be u a dfe dadfe adfe ddfek kdkfke kdkdkfe and 1=1 union/* foo */select load_file('/etc/passwd')--"
Using current libinjection, the above data is not a…
-
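Currently the plugin only lets you view the packets corresponding to the injection-point parameters that the plugin has identified.
We would like the ability to save complete test logs of all payloads:
- In packets the plugin judges to contain SQLi, the test logs for the non-injection-point parameters
- In packets the plugin judges not to contain SQLi, the test logs for all parameters
Rationale:
- Easier manual second-pass review: by recording test logs for all parameters, we can perform a manual second-pass review even when the plugin has not detected SQL injection.
- Limited support for some unorthodox usages: in…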
-
```ts
const sqli = await sql.reserve();
await sqli.begin(async (sql) => await sql`select 1`);
sqli.release();
// sqli.begin is not a function
```
Is there a technical reason transactions are n…
-
### Description
Requests incorrectly fail `libinjection` detection (with `sos` fingerprint) for a fairly mundane string input.
### How to reproduce the misbehavior (-> curl call)
```
curl ht…
```
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the commu…
-
This app's security is so poor.
By bypassing authentication via sqli and then exploiting a file upload we can get remote code execution and control the server!
apply fil…
-
Hi,
we are currently running mod_security2 with the OWASP CoreRuleSet (CRS) in version 3.3.4.
And we get false-positive matches because of a user-defined XML-Filter for a GIS application.
It's so…